Pymetasploit3 Command Injection Vulnerability in Module Option Handling
Vulnerability
A command injection vulnerability exists in the Pymetasploit3 library, specifically in the 'console.run_module_with_output()' function, in versions through 1.0.6. This vulnerability allows attackers to inject newline characters into module options like RHOSTS, disrupting the intended command structure. As a result, the Metasploit console may execute unintended additional commands, potentially leading to arbitrary command execution and manipulation of Metasploit sessions.
Impact
Exploitation of this vulnerability could result in arbitrary command execution within the context of the Metasploit console, potentially leading to further exploitation or manipulation of Metasploit sessions.
Reproduction
To reproduce this vulnerability, inject a newline character into the RHOSTS option of a Metasploit module using the Pymetasploit3 library. This can be done by creating a 'MsfRpcClient' instance, loading a console, and then using the 'run_module_with_output()' method to execute a module while including the newline character in the RHOSTS option. The injected newline will disrupt the command execution, causing the console to process additional unintended commands.
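A caller-side check for the newline injection described above, as an added example (not code from Pymetasploit3 or from this advisory): it rejects option values containing control characters before they reach 'run_module_with_output()'. The function names, the option-name pattern, the sample values and the simplified 'use'/'set' script model in `build_console_script` are assumptions made for illustration.

```python
import re

# CR, LF, NUL and other control or line-separator characters have no place in
# a module option value and can act as command boundaries in a console.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f\u0085\u2028\u2029]")
# Assumed shape of an option name (e.g. RHOSTS, SMB::AlwaysEncrypt).
_OPTION_NAME = re.compile(r"[A-Za-z0-9_:.]+")


class UnsafeOptionError(ValueError):
    """Raised when an option could alter the console command stream."""


def validate_module_options(options):
    """Return a str-valued copy of options, or raise UnsafeOptionError."""
    checked = {}
    for name, value in options.items():
        if not _OPTION_NAME.fullmatch(str(name)):
            raise UnsafeOptionError(f"unexpected option name: {name!r}")
        text = str(value)
        if _CONTROL_CHARS.search(text):
            raise UnsafeOptionError(f"control character in {name}: {text!r}")
        checked[str(name)] = text
    return checked


def build_console_script(module_path, options):
    """Simplified model (assumption): one console command per line."""
    lines = [f"use {module_path}"]
    lines += [f"set {name} {value}" for name, value in options.items()]
    return "\n".join(lines) + "\n"


def count_console_commands(script):
    """Count the lines a line-oriented console would read as commands."""
    return sum(1 for line in script.split("\n") if line.strip())


# Constructed sample input; 192.0.2.10 is a documentation address.
MODULE = "auxiliary/scanner/portscan/tcp"
BENIGN = {"RHOSTS": "192.0.2.10", "RPORT": 445}
TAINTED = {"RHOSTS": "192.0.2.10\nEXTRA_COMMAND"}

if __name__ == "__main__":
    print(count_console_commands(build_console_script(MODULE, TAINTED)))
    try:
        validate_module_options(TAINTED)
    except UnsafeOptionError as exc:
        print("rejected:", exc)
```

In the model, the tainted single-option input yields one more console line than the 'use' and 'set' lines the caller intended, which is the condition the validator refuses.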
